Diffstat (limited to 'rpkid')
-rw-r--r--rpkid/rootd.py5
-rw-r--r--rpkid/rpki/resource_set.py15
-rw-r--r--rpkid/rpki/rpki_engine.py6
-rw-r--r--rpkid/rpki/x509.py16
4 files changed, 28 insertions, 14 deletions
diff --git a/rpkid/rootd.py b/rpkid/rootd.py
index 1b0115b0..ac38d76d 100644
--- a/rpkid/rootd.py
+++ b/rpkid/rootd.py
@@ -143,10 +143,7 @@ def issue_subject_cert_maybe(new_pkcs10):
f = open(rpki_root_dir + rpki_root_crl, "wb")
f.write(crl.get_DER())
f.close()
- manifest_resources = rpki.resource_set.resource_bag(
- asn = rpki.resource_set.resource_set_as(rpki.resource_set.inherit_token),
- v4 = rpki.resource_set.resource_set_ipv4(rpki.resource_set.inherit_token),
- v6 = rpki.resource_set.resource_set_ipv6(rpki.resource_set.inherit_token))
+ manifest_resources = rpki.resource_set.resource_bag.from_inheritance()
manifest_keypair = rpki.x509.RSA.generate()
manifest_cert = rpki_root_cert.issue(
keypair = rpki_root_key,
diff --git a/rpkid/rpki/resource_set.py b/rpkid/rpki/resource_set.py
index 08a577c9..611f1f44 100644
--- a/rpkid/rpki/resource_set.py
+++ b/rpkid/rpki/resource_set.py
@@ -703,6 +703,21 @@ class resource_bag(object):
not other.v6.issubset(self.v6)
@classmethod
+ def from_inheritance(cls):
+ """
+ Build a resource bag that just inherits everything from its
+ parent.
+ """
+ self = cls()
+ self.asn = resource_set_as()
+ self.v4 = resource_set_ipv4()
+ self.v6 = resource_set_ipv6()
+ self.asn.inherit = True
+ self.v4.inherit = True
+ self.v6.inherit = True
+ return self
+
+ @classmethod
def from_rfc3779_tuples(cls, exts):
"""
Build a resource_bag from intermediate form generated by RFC 3779
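Review bot: `from_inheritance` binds the new object to the name `self` inside a classmethod and turns on `inherit` by attribute assignment after construction, so any consistency checks the `resource_set_*` constructors apply to inherit sets (not visible in this hunk) are skipped. The call sites removed by this commit built the same bag through the constructors with `inherit_token`, so unless that path was itself the problem, `return cls(asn = resource_set_as(inherit_token), v4 = resource_set_ipv4(inherit_token), v6 = resource_set_ipv6(inherit_token))` keeps a single way of creating inherit sets. The docstring should also state that all three families are marked inherit with no explicit ranges. A certificate issued from this bag takes its whole resource scope from the issuer, so the docstring should name the intended use, which at both call sites in this commit is a manifest certificate.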
diff --git a/rpkid/rpki/rpki_engine.py b/rpkid/rpki/rpki_engine.py
index f31e1df7..ba7f1cf7 100644
--- a/rpkid/rpki/rpki_engine.py
+++ b/rpkid/rpki/rpki_engine.py
@@ -774,11 +774,7 @@ class ca_detail_obj(rpki.sql.sql_persistent):
Generate a new manifest certificate for this ca_detail.
"""
- resources = rpki.resource_set.resource_bag(
- asn = rpki.resource_set.resource_set_as(rpki.resource_set.inherit_token),
- v4 = rpki.resource_set.resource_set_ipv4(rpki.resource_set.inherit_token),
- v6 = rpki.resource_set.resource_set_ipv6(rpki.resource_set.inherit_token))
-
+ resources = rpki.resource_set.resource_bag.from_inheritance()
self.latest_manifest_cert = self.issue_ee(ca, resources, self.manifest_public_key)
def issue(self, ca, child, subject_key, sia, resources, publisher, child_cert = None):
diff --git a/rpkid/rpki/x509.py b/rpkid/rpki/x509.py
index d013d247..61b5fef7 100644
--- a/rpkid/rpki/x509.py
+++ b/rpkid/rpki/x509.py
@@ -509,11 +509,17 @@ class X509(DER_object):
else:
assert not is_ca
- if resources is not None and resources.asn:
- exts.append(["sbgp-autonomousSysNum", True, (resources.asn.to_rfc3779_tuple(), None)])
-
- if resources is not None and (resources.v4 or resources.v6):
- exts.append(["sbgp-ipAddrBlock", True, [x for x in (resources.v4.to_rfc3779_tuple(), resources.v6.to_rfc3779_tuple()) if x is not None]])
+ # This next bit suggests that perhaps .to_rfc3779_tuple() should
+ # be raising an exception when there are no resources rather than
+ # returning None. Maybe refactor later.
+
+ if resources is not None:
+ r = resources.asn.to_rfc3779_tuple()
+ if r is not None:
+ exts.append(["sbgp-autonomousSysNum", True, (r, None)])
+ r = [x for x in (resources.v4.to_rfc3779_tuple(), resources.v6.to_rfc3779_tuple()) if x is not None]
+ if r:
+ exts.append(["sbgp-ipAddrBlock", True, r])
for x in exts:
x[0] = rpki.oids.name2oid[x[0]]
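Review bot: When `resources` is not None but the AS call returns None and the v4/v6 list comes out empty, the rewritten block appends neither `sbgp-autonomousSysNum` nor `sbgp-ipAddrBlock`, and the certificate is silently built without any RFC 3779 extension. For an RPKI certificate that is far more likely an issuance bug than a valid result, so failing closed is safer. Bind the two results to distinct names instead of reusing `r`, and add `if as_ext is None and not ip_ext: raise ValueError("resource bag encodes to no RFC 3779 extension")`, or the project's own exception type. The new in-code comment already points in this direction. The enclosing method starts and ends outside the hunk, so whether any caller legitimately passes an empty bag needs confirming first.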